Eric Lee / smarc-fsl-linux-kernel

10 Nov, 2016

1 commit

  • b13d14339   ppdev: fix double-free of pp->pdev->name ... Browse Code »

    free_pardevice() is called by parport_unregister_device() and already frees
    pp->pdev->name, don't try to do it again.

    This bug causes kernel crashes.

    I found and verified this with KASAN and some added pr_emerg()s:

    [ 60.316568] pp_release: pp->pdev->name == ffff88039cb264c0
    [ 60.316692] free_pardevice: freeing par_dev->name at ffff88039cb264c0
    [ 60.316706] pp_release: kfree(ffff88039cb264c0)
    [ 60.316714] ==========================================================
    [ 60.316722] BUG: Double free or freeing an invalid pointer
    [ 60.316731] Unexpected shadow byte: 0xFB
    [ 60.316801] Object at ffff88039cb264c0, in cache kmalloc-32 size: 32
    [ 60.316813] Allocated:
    [ 60.316824] PID = 1695
    [ 60.316869] Freed:
    [ 60.316880] PID = 1695
    [ 60.316935] ==========================================================

    Signed-off-by: Jann Horn
    Acked-by: Sudip Mukherjee
    Signed-off-by: Greg Kroah-Hartman

    Jann Horn
     

31 Aug, 2016

1 commit

  • 8b7d3a9d9   ppdev: use new parport device model ... Browse Code »

    Modify ppdev driver to use the new parallel port device model.

    Initially submitted and committed as:
    e7223f186033 ("ppdev: use new parport device model")

    But due to some regression it was reverted by:
    1701f680407c ("Revert "ppdev: use new parport device model"")

    Now that the original source of regression is fixed by:
    bbca503b2ee0 ("parport: use subsys_initcall") we can again modify ppdev
    to use device model.

    Signed-off-by: Sudip Mukherjee
    Signed-off-by: Greg Kroah-Hartman

    Sudip Mukherjee
     

26 Mar, 2016

1 commit

  • 1701f6804   Revert "ppdev: use new parport device model" ... Browse Code »

    This reverts commit e7223f18603374d235d8bb0398532323e5f318b9.

    It causes problems when a ppdev tries to register before the parport
    driver has been registered with the device model. That will trigger the

    BUG_ON(!drv->bus->p);

    at drivers/base/driver.c:153. The call chain is

    kernel_init ->
    kernel_init_freeable ->
    do_one_initcall ->
    ppdev_init ->
    __parport_register_driver ->
    driver_register *BOOM*

    Reported-by: kernel test robot
    Reported-by: Ross Zwisler
    Reported-by: Petr Mladek
    Cc: Sudip Mukherjee
    Cc: Greg Kroah-Hartman
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     

15 Feb, 2016

8 commits

09 Feb, 2016

2 commits

  • 17a3596f2   ppdev: add support for compat ioctl ... Browse Code »

    The arg of ioctl in ppdev is the pointer of integer except the
    timeval in PPSETTIME, PPGETTIME. Different size of timeval
    is already supported by the previous patches. So, it is safe
    to add compat support.

    Signed-off-by: Bamvor Jian Zhang
    Reviewed-by: Arnd Bergmann
    Tested-by: Sudip Mukherjee
    Signed-off-by: Greg Kroah-Hartman

    Bamvor Jian Zhang
     
  • 3b9ab374a   ppdev: convert to y2038 safe ... Browse Code »

    The y2038 issue for ppdev is changes of timeval in the ioctl
    (PPSETTIME and PPGETTIME). The size of struct timeval changes from
    8bytes to 16bytes due to the changes of time_t. It lead to the
    changes of the command of ioctl, e.g. for PPGETTIME, We have:

    on 32-bit (old): 0x80087095
    on 32-bit (new): 0x80107095
    on 64-bit : 0x80107095

    This patch define these two ioctl commands to support the 32bit
    and 64bit time_t application at the same time. And, introduce
    pp_set_timeout to remove some duplicated code.

    Signed-off-by: Bamvor Jian Zhang
    Reviewed-by: Arnd Bergmann
    Tested-by: Sudip Mukherjee
    Signed-off-by: Greg Kroah-Hartman

    Bamvor Jian Zhang
     

23 Feb, 2013

1 commit

29 Oct, 2012

1 commit

16 Oct, 2012

1 commit

  • 5d0c3d4f3   parport: dead code in pp_write ... Browse Code »

    We always update bytes_written before we check signal_pending so it
    follows that we can't get a signal return for 0 bytes so we don't
    need to check in the singal path. The cases a signal causes an earlier
    abort are handled before this and will not hit this path

    Signed-off-by: Alan Cox
    Signed-off-by: Jiri Kosina

    Alan Cox
     

06 Sep, 2012

1 commit

  • 9a32bb39d   ppdev: ppdev_init: do not return zero in case of failure ... Browse Code »

    Error handling of parport_register_driver() in ppdev_init()
    is broken because it deallocates all resources but still
    returns zero.

    Currently parport_register_driver() always succeeds.
    Nevertheless it is worth to fix the issue.

    Found by Linux Driver Verification project (linuxtesting.org).

    Signed-off-by: Alexey Khoroshilov
    Signed-off-by: Greg Kroah-Hartman

    Alexey Khoroshilov
     

27 May, 2011

1 commit

  • d98808a25   drivers/char/ppdev.c: put gotten port value ... Browse Code »

    parport_find_number() calls parport_get_port() on its result, so there
    should be a corresponding call to parport_put_port() before dropping the
    reference. Similar code is found in the function register_device() in the
    same file.

    The semantic match that finds this problem is as follows:
    (http://coccinelle.lip6.fr/)

    //
    @exists@
    local idexpression struct parport * x;
    expression ra,rr;
    statement S1,S2;
    @@

    x = parport_find_number(...)
    ... when != x = rr
    when any
    when != parport_put_port(x,...)
    when != if (...) { ... parport_put_port(x,...) ...}
    (
    if() S1 else S2
    |
    if(...) { ... when != x = ra
    when forall
    when != parport_put_port(x,...)
    *return...;
    }
    )
    //

    Signed-off-by: Julia Lawall
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Julia Lawall
     

28 Oct, 2010

1 commit

05 Oct, 2010

1 commit

  • 613655fa3   drivers: autoconvert trivial BKL users to private mutex ... Browse Code »

    All these files use the big kernel lock in a trivial
    way to serialize their private file operations,
    typically resulting from an earlier semi-automatic
    pushdown from VFS.

    None of these drivers appears to want to lock against
    other code, and they all use the BKL as the top-level
    lock in their file operations, meaning that there
    is no lock-order inversion problem.

    Consequently, we can remove the BKL completely,
    replacing it with a per-file mutex in every case.
    Using a scripted approach means we can avoid
    typos.

    These drivers do not seem to be under active
    maintainance from my brief investigation. Apologies
    to those maintainers that I have missed.

    file=$1
    name=$2
    if grep -q lock_kernel ${file} ; then
    if grep -q 'include.*linux.mutex.h' ${file} ; then
    sed -i '/include.*/d' ${file}
    else
    sed -i 's/include.*.*$/include /g' ${file}
    fi
    sed -i ${file} \
    -e "/^#include.*linux.mutex.h/,$ {
    1,/^\(static\|int\|long\)/ {
    /^\(static\|int\|long\)/istatic DEFINE_MUTEX(${name}_mutex);

    } }" \
    -e "s/\(un\)*lock_kernel\>[ ]*()/mutex_\1lock(\&${name}_mutex)/g" \
    -e '/[ ]*cycle_kernel_lock();/d'
    else
    sed -i -e '/include.*\/d' ${file} \
    -e '/cycle_kernel_lock()/d'
    fi

    Signed-off-by: Arnd Bergmann

    Arnd Bergmann
     

28 May, 2010

1 commit

  • 87575437d   drivers/char/ppdev.c: use kasprintf ... Browse Code »

    kasprintf combines kmalloc and sprintf, and takes care of the size
    calculation itself.

    The semantic patch that makes this change is as follows:
    (http://coccinelle.lip6.fr/)

    //
    @@
    expression a,flag;
    expression list args;
    statement S;
    @@

    a =
    - \(kmalloc\|kzalloc\)(...,flag)
    + kasprintf(flag,args)

    - sprintf(a,args);
    //

    Signed-off-by: Julia Lawall
    Cc: Michael Buesch
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Julia Lawall
     

30 Mar, 2010

1 commit

  • 5a0e3ad6a   include cleanup: Update gfp.h and slab.h includes to prepare for breaking implic… ... Browse Code »

    …it slab.h inclusion from percpu.h

    percpu.h is included by sched.h and module.h and thus ends up being
    included when building most .c files. percpu.h includes slab.h which
    in turn includes gfp.h making everything defined by the two files
    universally available and complicating inclusion dependencies.

    percpu.h -> slab.h dependency is about to be removed. Prepare for
    this change by updating users of gfp and slab facilities include those
    headers directly instead of assuming availability. As this conversion
    needs to touch large number of source files, the following script is
    used as the basis of conversion.

    http://userweb.kernel.org/~tj/misc/slabh-sweep.py

    The script does the followings.

    * Scan files for gfp and slab usages and update includes such that
    only the necessary includes are there. ie. if only gfp is used,
    gfp.h, if slab is used, slab.h.

    * When the script inserts a new include, it looks at the include
    blocks and try to put the new include such that its order conforms
    to its surrounding. It's put in the include block which contains
    core kernel includes, in the same order that the rest are ordered -
    alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
    doesn't seem to be any matching order.

    * If the script can't find a place to put a new include (mostly
    because the file doesn't have fitting include block), it prints out
    an error message indicating which .h file needs to be added to the
    file.

    The conversion was done in the following steps.

    1. The initial automatic conversion of all .c files updated slightly
    over 4000 files, deleting around 700 includes and adding ~480 gfp.h
    and ~3000 slab.h inclusions. The script emitted errors for ~400
    files.

    2. Each error was manually checked. Some didn't need the inclusion,
    some needed manual addition while adding it to implementation .h or
    embedding .c file was more appropriate for others. This step added
    inclusions to around 150 files.

    3. The script was run again and the output was compared to the edits
    from #2 to make sure no file was left behind.

    4. Several build tests were done and a couple of problems were fixed.
    e.g. lib/decompress_*.c used malloc/free() wrappers around slab
    APIs requiring slab.h to be added manually.

    5. The script was run on all .h files but without automatically
    editing them as sprinkling gfp.h and slab.h inclusions around .h
    files could easily lead to inclusion dependency hell. Most gfp.h
    inclusion directives were ignored as stuff from gfp.h was usually
    wildly available and often used in preprocessor macros. Each
    slab.h inclusion directive was examined and added manually as
    necessary.

    6. percpu.h was updated not to include slab.h.

    7. Build test were done on the following configurations and failures
    were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
    distributed build env didn't work with gcov compiles) and a few
    more options had to be turned off depending on archs to make things
    build (like ipr on powerpc/64 which failed due to missing writeq).

    * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
    * powerpc and powerpc64 SMP allmodconfig
    * sparc and sparc64 SMP allmodconfig
    * ia64 SMP allmodconfig
    * s390 SMP allmodconfig
    * alpha SMP allmodconfig
    * um on x86_64 SMP allmodconfig

    8. percpu.h modifications were reverted so that it could be applied as
    a separate patch and serve as bisection point.

    Given the fact that I had only a couple of failures from tests on step
    6, I'm fairly confident about the coverage of this conversion patch.
    If there is a breakage, it's likely to be something in one of the arch
    headers which should be easily discoverable easily on most builds of
    the specific arch.

    Signed-off-by: Tejun Heo <tj@kernel.org>
    Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>

    Tejun Heo
     

19 Jun, 2009

1 commit

  • 81fc401e4   ppdev: reduce kernel log spam ... Browse Code »

    One of my programs frequently grabs the parport, does something with it
    and then drops it again. This results in spamming of the kernel log with

    "... registered pardevice"
    "... unregistered pardevice"

    These messages are completely useless, except for debugging ppdev,
    probably. So put them under DEBUG (or dynamic debug).

    Signed-off-by: Michael Buesch
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Michael Buesch
     

17 Oct, 2008

1 commit

26 Jul, 2008

1 commit

22 Jul, 2008

1 commit

21 Jun, 2008

2 commits

24 Oct, 2007

1 commit

17 Oct, 2007

1 commit

09 May, 2007

2 commits

  • e63340ae6   header cleaning: don't include smp_lock.h when not used ... Browse Code »

    Remove includes of where it is not used/needed.
    Suggested by Al Viro.

    Builds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,
    sparc64, and arm (all 59 defconfigs).

    Signed-off-by: Randy Dunlap
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Randy Dunlap
     
  • da6752964   layered parport code uses parport->dev ... Browse Code »

    Update some of the layered parport_driver code to use parport->dev:

    - i2c-parport (parent of i2c_adapter)
    - spi_butterfly (parent of spi_master, allowing cruft removal)
    - lp (creating class_device)
    - ppdev (parent of parportN device)
    - tipar (creating class_device)

    There are still drivers that should be updated, like some of the input
    drivers; but they won't be any worse off than they are today.

    Signed-off-by: David Brownell
    Cc: Greg KH
    Cc: Jean Delvare
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    David Brownell
     

09 Dec, 2006

1 commit

02 Dec, 2006

1 commit

05 Oct, 2006

1 commit

  • 7d12e780e   IRQ: Maintain regs pointer globally rather than passing to IRQ handlers ... Browse Code »

    Maintain a per-CPU global "struct pt_regs *" variable which can be used instead
    of passing regs around manually through all ~1800 interrupt handlers in the
    Linux kernel.

    The regs pointer is used in few places, but it potentially costs both stack
    space and code to pass it around. On the FRV arch, removing the regs parameter
    from all the genirq function results in a 20% speed up of the IRQ exit path
    (ie: from leaving timer_interrupt() to leaving do_IRQ()).

    Where appropriate, an arch may override the generic storage facility and do
    something different with the variable. On FRV, for instance, the address is
    maintained in GR28 at all times inside the kernel as part of general exception
    handling.

    Having looked over the code, it appears that the parameter may be handed down
    through up to twenty or so layers of functions. Consider a USB character
    device attached to a USB hub, attached to a USB controller that posts its
    interrupts through a cascaded auxiliary interrupt controller. A character
    device driver may want to pass regs to the sysrq handler through the input
    layer which adds another few layers of parameter passing.

    I've build this code with allyesconfig for x86_64 and i386. I've runtested the
    main part of the code on FRV and i386, though I can't test most of the drivers.
    I've also done partial conversion for powerpc and MIPS - these at least compile
    with minimal configurations.

    This will affect all archs. Mostly the changes should be relatively easy.
    Take do_IRQ(), store the regs pointer at the beginning, saving the old one:

    struct pt_regs *old_regs = set_irq_regs(regs);

    And put the old one back at the end:

    set_irq_regs(old_regs);

    Don't pass regs through to generic_handle_irq() or __do_IRQ().

    In timer_interrupt(), this sort of change will be necessary:

    - update_process_times(user_mode(regs));
    - profile_tick(CPU_PROFILING, regs);
    + update_process_times(user_mode(get_irq_regs()));
    + profile_tick(CPU_PROFILING);

    I'd like to move update_process_times()'s use of get_irq_regs() into itself,
    except that i386, alone of the archs, uses something other than user_mode().

    Some notes on the interrupt handling in the drivers:

    (*) input_dev() is now gone entirely. The regs pointer is no longer stored in
    the input_dev struct.

    (*) finish_unlinks() in drivers/usb/host/ohci-q.c needs checking. It does
    something different depending on whether it's been supplied with a regs
    pointer or not.

    (*) Various IRQ handler function pointers have been moved to type
    irq_handler_t.

    Signed-Off-By: David Howells
    (cherry picked from 1b16e7ac850969f38b375e511e3fa2f474a33867 commit)

    David Howells
     

04 Jul, 2006

1 commit

  • 62322d255   [PATCH] make more file_operation structs static ... Browse Code »

    Mark the static struct file_operations in drivers/char as const. Making
    them const prevents accidental bugs, and moves them to the .rodata section
    so that they no longer do any false sharing; in addition with the proper
    debug option they are then protected against corruption..

    [akpm@osdl.org: build fix]
    Signed-off-by: Arjan van de Ven
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Arjan van de Ven
     

27 Jun, 2006

4 commits